bef30bd6103491861870f95e7c6e6f690d419bbc0374031909ca1217c221b5d9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c618120d699da4090b78256b6f052a4b.html
Size

432B
MD5

c618120d699da4090b78256b6f052a4b
SHA1

1e8cdbe27f7579774cd796a77e7efe54febd0ceb
SHA256

bef30bd6103491861870f95e7c6e6f690d419bbc0374031909ca1217c221b5d9
SHA512

292e7a62c1e53ef346a5eae14a5fbd20007aa8e5377db4c68f475dd6a5ef595cd65c9242ab76d51a622518ce4567c92c7e64fd58004808cfa6ee7d7615835644

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
3016	msedge.exe
3016	msedge.exe
4260	identity_helper.exe
4260	identity_helper.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2812	3016	msedge.exe	88
PID 3016 wrote to memory of 2812	3016	msedge.exe	88
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 4676	3016	msedge.exe	90
PID 3016 wrote to memory of 228	3016	msedge.exe	91
PID 3016 wrote to memory of 228	3016	msedge.exe	91
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92
PID 3016 wrote to memory of 3164	3016	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c618120d699da4090b78256b6f052a4b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9289846f8,0x7ff928984708,0x7ff928984718
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8432101185364860152,14375058783638376212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65044900-cc7a-4eba-96ca-ab90c1214f86.tmp

Filesize
1KB

MD5
e8bf4aa27a9edfa9b8a4a51c307462c0

SHA1
b5b8676c6f974a9f17d5d2286b0418be0aeacab2

SHA256
6c0bfa05d8ba5e09d335322687c70ca9403ec8026a966bca35582dce627f20ee

SHA512
6e297ec2fdb627c0780b51ffaa74be0d22af57a35cce884c1a0831cff16dd01acca0f0ecb048ba64e3a96587928a4b11c92c66ba40858b23202d79d9495fbf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
cdec19b9c6c01215ffec538037d2262f

SHA1
a892bdc297b148ac9b5092391be11f639e163c65

SHA256
df2e75dd107231b1fbb3089c0a2520fb143cf2ca0bc720d6577697f0ff523f56

SHA512
bfb082d57cc7d9b4dcae7257a233608c52e48f18b81cfc27b1352f0ec438f54acc0c7e9c9339e331fa5c99d2b4ea03275625707050c4e23b3336c02ffd1cc31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
caca847b69917a83dc7b140d033c0067

SHA1
a33e620367a78b2a2f34fd8f1d0bfabd6aaaf70d

SHA256
4713190d150a95dcd6110848dda48ed62abd0559230686d82a131e6735f4cbb5

SHA512
b0ea38eb6429fe051b08aceb501e1e51b3e27094bea45352ddcdcdd7c85bdebc5f77d6a29ed1d8b757f5e36fb9b8512878f225481a55bc4104ad5251ccfdf1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_worldfreshjournal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5f6913844bf9d63f619e7233175b7851

SHA1
c3ba97df26067917f63614cfae069029b44b42a3

SHA256
ccc8ced87b2796d417c2c241fcf691400319483144233935ef505af3fe4dd550

SHA512
e0a42af8f30df7e22c5257118a37b2d652af6ac6d5a5e4cd826ff85865d8e3feee7ce0d6b662e9dfcd0c8e94f069b3f2aabd9b15547bc027271e731238b134a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4182e7a76831f6e2cb8971aa66562be

SHA1
1d7b138ca4ddecf91467ab3575def22de588f8b8

SHA256
8c92da0e68ffb697d9f35f3610675fb87421d5e54a6800643a8e5e464bd8dc17

SHA512
03aeba1e0623a8b8d69bcbd96609b752c133c6b3376bb8a39fcceb1401e2034ed2f03001571f163a32842a0cca07e08c296a651665b8cc36477b49d01db9f86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c8fedccc92631b79720635ad564c46a

SHA1
93fa55b4534663511d4e9aa29a5ca5df4425fdfc

SHA256
b090c5b0307b9738a725d2771438adcd8881bffc94bf5f233b02a3032ac80e4f

SHA512
7f3b110bfab5b4df5ce99bd716e4204cf515d872b267960362c05060b5755c12b14a5e3b746328405c531d54b4ed22633db8029cabbf2e6db06baa83a91f4d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
959430a3bfd2e93025dad8c23b3be3c9

SHA1
6f462f857e4ea7d0cedf525e101fdfbf15a20894

SHA256
d807964c7256ed5cefab0335f18f886ab290ca8d9e768557804972f11a764109

SHA512
9d8ea468e66c265e119d32f2134322321a02e2faaa397c8bebb4a2a4265525894d71b8f211aeffd6ef8adef657eab4515c1581b046eb0f16674f929fc516acdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
277faad5846521df4df12a60385b9050

SHA1
6eb112c83908a98ce5418a6d907e8289f421b389

SHA256
607dfae717f9a31a627d878acccd1e0f0398819d249697a75ee76865286861fe

SHA512
ba0218d0491599c6d134f863853455cb530c5e9d8c2cf5c5336ece11ff25aae31ac0d6a6b61e4f9c46a5cb8861a82884946ee92ba729fcab8d05c9d11bb120cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
eef96fbb6c8ffee9d53f2fee3d9c67a0

SHA1
ace70459b624e3814c39a9d2344723c3ce78612f

SHA256
b1d815376d4ee3d2946d113a2afcee4ae905611ed705b73deaf8f2a3d80b7a31

SHA512
03fa838368e811af2eab29ed5d3cb69c08ee57994608f2864f49e9ff49dbad8a858c872c4e98d71615d7fe49377c811f98ce24210e51e3913c2d838b4b4230b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579470.TMP

Filesize
48B

MD5
ddc42da533f66586a9d42b445b74a936

SHA1
2a568f740b883a81075e4a0cec57a4c36d17b775

SHA256
bcdebb357a669a1eb9044d9c816f688878f797f6dbeac2bbd52479644adacbcf

SHA512
0d4f9c9b11441fd362a458edc7404a5ee94d48b471ba3d6da1f53b5a878c51052533f50d121c05f1974cc6432658acb84ef9748d4362126628b0e2b2dc495180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bf04fa497f533a75db6621e85281f65

SHA1
25e28236708fef5ddf9cec00c60ffeb9ec0af0bd

SHA256
b18451d0bf142eef1156a252ac9c35245726e228982b38c1296c4dbff0325866

SHA512
66e8dfe4ce89fa6b999afea237ac2306982b5c03879da9b5388d694d34ad544ed498a145eb8081af42c3d4994939a387761d109826eeedb2ca515bfabdc8f07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
999c98c9594c0c1c4a38257777437e60

SHA1
903f79538e50d524395f4d753c758400c357b260

SHA256
c6d6edc59ba5e277241161689deac72c404d5a08a8ebc14767b1c88b6f17ea6d

SHA512
21e9faf550e0583048479dc6720ea97dc02e72298e934cf079c6d73aa01e1e362282a6951cba09ae6cd891144a4cb283e2d7d47cd6e3a475388fa685af3349dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5793f3.TMP

Filesize
1KB

MD5
97c9b120c4516d435b974e789ad86f59

SHA1
46d52b528ed8c6622d996bf48fa634bb7e00c659

SHA256
48eb6a1a0cb1d921a48bc67a174a95ca0a2c5dd22f63c75aa22f34d2025ff5df

SHA512
4b947020af1445c810c722c16f8ca81d07dfa75c688402f9c9ea0254bb045b781d152cde0291f7a3eb650a848a22b393aca71c28a603c248de44cc9a49375ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e4e13c6f29f598b3298c069394217fb

SHA1
dc0621659949d2df3d5580c4cb3f40fc52edae70

SHA256
60472037f68b0eff53b12257e5830c22fc3d16eca3359dcb3d5b62bb2d041d46

SHA512
9dca82735f7c7fb304580edb012cdf4f8b7c1064a52398da7e0f7b503643342a1b3f205cf37086cf87c2e7483761cba9b41b127ecf76d57532b0aa33b6217016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12e3661618d4f92ddc197c63acf9d7e0

SHA1
693a00a7f122286a45070d78fd14c9299ce3bb5d

SHA256
be62c9a0adf8ca23623ae217e02e1e1c0e52897184046abe513f0a25d7362265

SHA512
9a821a45de32a837d98b7482e529bfa24eb50dd015a1df3cf9f7dc9c3f02ef26e424d0a9edcf99032f80efcf36f2860189c79eff41033914a186df64cab8644a

Download Submit